--- name: bms-log-prd-query description: > Query BMS production (bms-prod) logs from Elasticsearch via Kibana console proxy. Use when the user asks to check BMS production logs, search prod errors, or look up bms-prod data. All queries go through Kibana at https://kiblog.qx.com — ES direct port is NOT accessible. metadata: author: local version: 1.0.0 --- # BMS Production Log Query Skill > **Scope: ONLY `bms-prod` data view → `*bms*,*wos*` indices.** ## Connection Details (DO NOT re-verify — confirmed working) - **Auth**: Read from `~/.env` (home directory): - `BMS_LOG_PRD_URL` = Kibana proxy URL - `BMS_LOG_PRD_USERNAME` = elastic - `BMS_LOG_PRD_PASSWORD` = (stored in .env) - **ES Version**: 8.6.1 - **ES direct port**: NOT accessible. All queries go through Kibana console proxy. ## Data View Mapping | Kibana Data View | ES Index Pattern | |-----------------|------------------| | `bms-prod` | `*bms*,*wos*` | ## Kibana Console Proxy Format ``` POST https://kiblog.qx.com/api/console/proxy?path=&method=GET ``` Headers: `kbn-xsrf: true`, `Content-Type: application/json` ## Index Pattern - `bmslog-bms-prod-YYYY-MM-DD` — daily rolling indices, ~10,000,000 docs/day (weekday), ~7,000,000 (weekend) ## Log Fields | Field | Description | |-------|-------------| | `@timestamp` | ISO 8601 timestamp | | `timestamp` | Original timestamp string | | `message` | Log message (Chinese/English) | | `level` | Log level: INFO, WARN, ERROR, etc. | | `app_name` | Application name (e.g. `bms-web`) | | `class` | Java class name | | `thread` | Thread name | | `traceId` | Distributed trace ID | | `host_ip` | Host IP address | | `log_origin` | Log origin identifier | | `stack_trace` | Exception stack trace (empty if no error) | ## Query Patterns ### Latest N logs ```json POST /api/console/proxy?path=/bmslog-bms-prod-/_search&method=GET { "sort": [{"@timestamp": "desc"}], "size": 10 } ``` ### Search by keyword ```json POST /api/console/proxy?path=/bmslog-bms-prod-/_search&method=GET { "query": { "multi_match": { "query": "", "fields": ["message", "stack_trace"] } }, "sort": [{"@timestamp": "desc"}], "size": 20 } ``` ### Search errors ```json POST /api/console/proxy?path=/bmslog-bms-prod-/_search&method=GET { "query": { "bool": { "must": [ { "match": { "level": "ERROR" } } ] } }, "size": 20, "sort": [{"@timestamp": "desc"}] } ``` ### Search by traceId ```json POST /api/console/proxy?path=/bmslog-bms-prod-/_search&method=GET { "query": { "term": { "traceId": "" } }, "sort": [{"@timestamp": "asc"}], "size": 100 } ``` ### Count docs ``` GET /api/console/proxy?path=/bmslog-bms-prod-/_count&method=GET ``` ## Rules 1. **Never re-probe ES connectivity** — Kibana proxy is the only working method 2. **Never try ES direct ports** — not accessible 3. **Never store credentials** in this file 4. **When user says "查 bms-prod" 或 "查生产日志" → query `bmslog-bms-prod-*` indices**